Done!
> On May 21, 2020, at 9:50 AM, Dave Barnes <dbar...@apache.org> wrote:
>
> Please add this change to support/1.13, Owen.
> Thanks,
> Dave
>
> On 2020/05/21 16:19:49, Dick Cavender <dcaven...@pivotal.io> wrote:
>> +1
>>
>> On Thu, May 21, 2020 at 8:57 AM Ju@N <jujora...@gmail.com> wrote:
>>
>>> +1
>>>
>>> On Thu, 21 May 2020 at 16:53, Anthony Baker <bak...@vmware.com> wrote:
>>>
>>>> +1
>>>>
>>>>> On May 21, 2020, at 8:51 AM, Owen Nichols <onich...@pivotal.io> wrote:
>>>>>
>>>>> Some automated scans have flagged Geode Pulse as potentially containing
>>>> “high" security vulnerability CVE-2020-5407.
>>>>>
>>>>> Analysis shows that this saml vulnerability is not applicable to Geode
>>>> Pulse.
>>>>>
>>>>> It is low risk to bump the spring-security dependency to the latest
>>>> version to avoid false positives in automated scans. This change is
>>>> already on develop and all tests have passed. It would be nice to
>>> include
>>>> this in 1.13.
>>>>>
>>>>> -Owen
>>>>
>>>>
>>>
>>> --
>>> Ju@N
>>>
>>
